ProHoster > Блог > wararka internetka > Siideynta FreeBSD 13.2 oo leh Taageerada Netlink iyo WireGuard

Siideynta FreeBSD 13.2 oo leh Taageerada Netlink iyo WireGuard

Ka dib 11 bilood oo horumarin ah, FreeBSD 13.2 waa la sii daayay. Sawirada rakibaadda waxaa loo soo saaray amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 iyo riscv64 architectures. Intaa waxaa dheer, shirarka waxaa loo diyaariyey nidaamyada wax-ku-oolka ah (QCOW2, VHD, VMDK, cayriin) iyo deegaanka daruuraha Amazon EC2, Google Compute Engine iyo Vagrant.

Isbeddellada muhiimka ah:

  • Awoodda lagu abuurayo sawir-qaadista nidaamyada faylka UFS iyo FFS oo leh karti-galiyaha (cusboonaysiinta jilicsan) ayaa la hirgeliyay. Waxa kale oo lagu daray taageerada kaydinta asalka ah ee qashinka (qashin qubka oo wata calanka “-L”) oo ay ku jirto waxa ku jira nidaamka faylka UFS ee la rakibay marka joornaalku shaqaynayo. Mid ka mid ah sifooyinka aan la heli karin marka la isticmaalayo goynta waa fulinta asalka ah ee hubinta daacadnimada iyadoo la adeegsanayo utility fsck.
  • Halabuurka asaasiga ah waxaa ka mid ah darawalka wg, kaas oo ka shaqeeya heerka kernel-ka isla markaana hirgeliya is-dhexgalka shabakadda VPN WireGuardSi loo isticmaalo algorithms-ka sirta ah ee darawalka loo baahan yahay, nidaamka hoose ee sirta ah ee FreeBSD kernel waxaa lagu kordhiyay duub kaas oo u oggolaanaya isticmaalka algorithms-ka aan la taageerin ee maktabadda libsodium iyada oo loo marayo API-ga caadiga ah ee sirta ah. Inta lagu guda jiray horumarinta, hagaajinta ayaa sidoo kale la sameeyay si si siman loogu dheellitiro u qoondaynta hawlaha sirta ah iyo furfurista xudunta CPU, taasoo yaraynaysa kharashka habaynta baakadaha. WireGuard.

    Isku daygii ugu dambeeyay ee lagu shido WireGuard Isku daygii isku dayga lagu mideynayo FreeBSD ayaa la sameeyay sanadkii 2020, laakiin wuxuu ku dhammaaday muran, iyadoo koodka horey loogu daray laga saaray sababo la xiriira tayo xumo, maaraynta kaydka oo liidata, isticmaalka stubs halkii laga hubin lahaa hubinta, hirgelinta hab-maamuuska oo aan dhammaystirnayn, iyo jebinta GPL. Hirgelinta cusub, oo ay si wadajir ah u diyaariyeen kooxaha horumarinta FreeBSD ee asaasiga ah iyo WireGuard oo ay ku jiraan Jason A. Donenfeld, qoraaga VPN WireGuard, iyo John H. Baldwin, oo ah horumariye caan ah oo FreeBSD ah. Kahor inta aan la aqbalin koodhka cusub, dib u eegis buuxda oo ku saabsan isbeddellada ayaa la sameeyay iyadoo la kaashanayo Hay'adda FreeBSD.

  • Taageerada hab-maamuuska isgaarsiinta Netlink (RFC 3549) ee loo isticmaalo Linux si loo abaabulo isdhexgalka u dhexeeya hababka kernel-ka iyo kuwa isticmaalaha-meel-gaarka ah. Mashruucu wuxuu ku kooban yahay taageeridda qoyska hawlgallada NETLINK_ROUTE ee maaraynta xaaladda nidaamka hoose ee shabakadda ee kernel-ka, kaas oo u oggolaanaya isticmaalka FreeBSD. Linux-adeegga IP-ga ee xirmada iproute2 ee maaraynta isku-xirka shabakadda, rakibidda Cinwaanada IP-ga, dejimaha hagitaanka, iyo maaraynta walxaha nexthop ee kaydiya xogta xaaladda ee loo isticmaalo in lagu gudbiyo baakadka meesha la rabo.
  • Dhammaan nidaamyada saldhigga ah ee lagu fulin karo 64-bit dhufto ee XNUMX-bit waxay leeyihiin Cinwaanka Goobta Layout Randomization (ASLR) si toos ah. Si aad u doorato ASLR, waxaad isticmaali kartaa amarrada "proccontrol -m aslr -s disable" ama "elfctl -e +noaslr".
  • Gudaha ipfw, miisaska radix waxaa loo isticmaalaa in lagu eego cinwaanada MAC, kaas oo kuu ogolaanaya inaad abuurto jadwal leh cinwaanada MAC oo aad u isticmaasho si aad u shaandhayso taraafikada. Tusaale ahaan: ipfw table 1 samee nooca mac ipfw miiska 1 ku dar 11:22:33:44:55:66/48 ipfw ku dar skipto tablearg src-mac 'miiska (1)' 1) ipfw ku dar diidmo raadinta dst-mac 100
  • Qaybaha Kernel dpdk_lpm4 iyo dpdk_lpm6 ayaa lagu daray oo diyaar u ah in lagu shubo iyada oo loo marayo loader.conf iyada oo la adeegsanayo habka DIR-24-8 raadinta algorithm ee IPv4/IPv6, kaas oo kuu ogolaanaya inaad kor u qaaddo hawlaha dariiqa ee martida leh miisaska marin-u-qaadista ee aadka u weyn ( Imtixaannada, kororka xawliga ah ee 25 ayaa lagu arkay %). Si loo habeeyo cutubyada, isticmaalka dariiqa caadiga ah waa la isticmaali karaa (doorashada FIB_ALGO ayaa lagu daray).
  • Hirgelinta nidaamka faylka ZFS waa la cusboonaysiiyay si loo sii daayo OpenZFS 2.1.9. Farta bilowga zfskeys waxay si toos ah u raritaan furayaasha ku kaydsan nidaamka faylka ZFS. Qoraal cusub oo RC ah oo lagu daray zpoolreguid si loogu meeleeyo GUID hal ama ka badan zpools (tusaale faa'iido u leh deegaanka xog-ururinta xogta la wadaago).
  • Bhyve hypervisor-ka iyo moduleka vmm waxay taageeraan in ka badan 15 CPU-yada farsamada ah ee nidaamka martida (oo lagu habeeyey sysctl hw.vmm.maxcpu). Utility bhyve wuxuu fuliyaa ku dayashada aaladda virtio-input, kaas oo aad ku bedeli karto kiiboodhka iyo dhacdooyinka gelinta mouseka nidaamka martida.
  • Gudaha KTLS, hirgelinta borotokoolka TLS ee ku socda heerka FreeBSD kernel, taageerada dardargelinta qalabka TLS 1.3 ayaa lagu daray iyadoo la saarayo qaar ka mid ah hawlgallada la xiriira ka baaraandegidda xirmooyinka soo gala sirta ah ee kaadhka shabakadda. Markii hore, muuqaal la mid ah ayaa diyaar u ahaa TLS 1.1 iyo TLS 1.2.
  • In the growfs startup script, marka la ballaarinayo nidaamka faylalka xididka, waxaa suurtagal ah in lagu daro qayb isku beddelasho ah haddii qaybtan oo kale ay markii hore maqan tahay (tusaale ahaan, faa'iido leh marka la rakibo sawirka nidaamka diyaarsan ee kaarka SD). Si loo xakameeyo cabbirka isdhaafsiga, cabbir cusub growfs_swap_size ayaa lagu daray rc.conf.
  • Qoraalka bilawga ah ee martida loo yahay wuxuu hubinayaa in UUID aan toos ahayn la soo saaray haddii faylka /etc/hostid uu maqan yahay oo UUID aan laga heli karin qalabka. Sidoo kale waxaa lagu daray faylka /etc/machine-id oo leh matalaad is haysta oo ah aqoonsiga martida loo yahay (majiro jilayaal).
  • Doorsoomayaasha defaultrouter_fibN iyo ipv6_defaultrouter_fibN ayaa lagu daray rc.conf, kaas oo aad ku dari karto dariiqyada caadiga ah miisaska FIB ee aan ahayn kan aasaasiga ah.
  • Taageerada xashiishka SHA-512/224 ayaa lagu daray maktabadda libmd.
  • Maktabadda pthread waxay hirgelisaa taageerada macnaha shaqooyinka loo isticmaalo Linux.
  • Taageerada wicitaanada nidaamka ee lagu magacaabo "decoding system calls" ayaa lagu daray kdump. LinuxTaageero loogu talagalay raadinta wicitaanada nidaamka qaabka kdump iyo sysdecode ayaa lagu daray. Linux.
  • Utility killall hadda waxa uu awood u leeyahay in uu u diro calaamada hababka ku xidhan terminal gaar ah (tusaale, "killall -t pts/1").
  • Waxaa lagu daray utility nproc si uu u muujiyo tirada blocks xisaabinta ee la heli karo habka hadda socda.
  • Taageerada dejinta ACS (Adeegyada Xakamaynta Helitaanka) ayaa lagu daray utility pciconf.
  • Goobta SPLIT_KERNEL_DEBUG ayaa lagu daray kernel-ka, kaas oo kuu ogolaanaya inaad kaydiso macluumaadka cilladaha kernel-ka iyo unugyadu faylal kala duwan.
  • Linux ABI wuxuu ku dhow yahay inuu dhammaystiro taageerada habka vDSO (walxaha la wadaago ee firfircoon), kaas oo bixiya nidaam xaddidan oo wicitaanno ah oo laga heli karo booska isticmaalaha iyada oo aan la beddelin macnaha guud. Linux ABI ee nidaamyada ARM64 ayaa la keenay si ay ula midoobaan hirgelinta naqshadaha AMD64.
  • Taageero qalab oo la hagaajiyay. Waxaa lagu daray taageerada la socodka waxqabadka (hwpmc) ee Intel Alder Lake CPUs. Waxaa la cusbooneysiiyay darawalka iwlwifi ee kaararka wireless-ka ee Intel iyadoo la taageerayo jajabyada cusub iyo heerka 802.11ac. Waxaa lagu daray darawalka rtw88 ee kaararka wireless-ka ee Realtek oo leh interface PCI. Waxaa la ballaariyay lakabka linuxkpi si loogu isticmaalo darawalada FreeBSD. Linux.
  • Maktabada OpenSSL waxa loo cusboonaysiiyay nooca 1.1.1t, LLVM/Clang ilaa nooca 14.0.5, iyo server-ka iyo macmiilka SSH waxa la cusboonaysiiyay OpenSSH 9.2p1 (noqolkii hore ee la isticmaalay OpenSSH 8.8p1). Waxa kale oo la cusboonaysiiyay noocyada bc 6.2.4, expat 2.5.0, file 5.43, ka yar 608, libarchive 3.6.2, dirmail 8.17.1, sqlite 3.40.1, unbound 1.17.1, zlib 1.2.13.

Intaa waxaa dheer, waxaa lagu dhawaaqay in, laga bilaabo laanta FreeBSD 14.0, furaha hal mar OPIE, ce iyo cp darawallada, darawallada kaararka ISA, isku-dhafka iyo minigzip utilities, qaybaha ATM ee netgraph (NgATM), habka asalka telnetd iyo VINUM fasalka joom.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster